Auditing Of Shared Services

The term "Shared Services" refers to a particular function / service which is generally used by various operating units in an organization. For example, if an organization has various verticals which are considered as profit centers or if they are spread across various geographical areas, the HR service or the IT services may be used by various verticals in an organization. Sharing of services is method to reduce cost because they are centralized back-office operations which may be used by multiple verticals/ divisions of the organization resulting in reduction of redundancy.

Shared services generally have characteristics, they are centralized, they generally promote automation, they have standardized process and they provide the services as they would provide to any other business. The article tries to explore the review of Shared Services of an organization or providing assurance of the operations of Shared Services.

Before commencing of review or providing assurance of the shared services, it is imperative to have a proper understanding of the Shared Service Centers and its environment. The procedures involved for understanding the shared services would include:

• The way the shared services are structured and the ownership of the shared services provided.
• The process and the activities of the shared services
• Internal controls and the risks associated with the shared services
• The applicability of concept of related parties in the shared services
• The operating model of the shared services (generally cost plus model is followed for shared services)
• Background verification of the promoter group
• Any corporate announcement made by the shared services

After having proper understanding of the Shared Services, it is imperative for the auditor to test the Entity level controls to ensure that they are designed and operating effectively. Few entity level risks for the shared services could be:

• Non approval of the business plans and budgets
• Absence of process to review the budgets and the reliability of budgeting
• Certain activities which require expert knowledge may be performed by person who does not have relevant expertise
• Lack of segregation of duties
• Lack of control with respect to sharing of data between various unit of the organization.

Understanding of Revenue Model

The revenue model of shared services typically depends on the nature of services and arrangement with customers. However, a typical billing model would include the following:

• Time and material: Under this model are billing is done based on the time spent by the resource involved in the project / time spent for a particular unit. The time model could be weekly, daily, or hourly basis as per the agreement between various units.
• Based on volume or transaction: The arrangement could be based on the final output irrespective of the resources used or the time spent by the resources.
• Based on outcome: Generally, in case of any maintenance or trouble shooting as shared services, the revenue model can be based on the outcome irrespective of the time spent or volume / transaction.
• Cost plus mark-up: The billing is done as cost and mark-up where certain cost like personnel cost, operating expenses are charged from customer by adding a fixed mark up.

Some of the risk and auditor’s response to the risk

Area: Payroll

The shared services are generally employee centric operations where the expertise of the employees is used across the organization. The payroll forms part of the prominent cost of the shared services.

Area: Expenses

Since most of the shared services the billing is done based on cost plus markup model, the expenses play a pivotal role. Proper regulation of expenses is critical to arrive at the cost.